A full-stack task management application deployed on a production Kubernetes cluster with zero-trust security via Cloudflare Tunnel. Built with modern technologies and cloud-native best practices.
Live Application: https://tm.ggdevs.site
- User Authentication - Secure registration and login with JWT tokens
- Task Management - Full CRUD operations (Create, Read, Update, Delete)
- Task Status Toggle - Mark tasks as completed/incomplete
- User Isolation - Each user can only access their own tasks
- Persistent Storage - Data stored in PostgreSQL with 5GB persistent volume
- Real-time Updates - React SPA with instant UI feedback
- Zero-Trust Security - Cloudflare Tunnel (no exposed ports)
- Global CDN - Cloudflare edge network for low latency
- DDoS Protection - Built-in Layer 7 protection
- High Availability - 2 replicas for frontend and backend
- Auto-scaling - Kubernetes horizontal pod autoscaling
- Monitoring - Readiness and liveness probes
- Framework: Spring Boot 3.5.6
- Language: Java 21 (LTS)
- Security: Spring Security 6 + JWT (JJWT 0.12.6)
- Database: PostgreSQL 16 (Alpine)
- ORM: Hibernate / JPA
- Connection Pool: HikariCP
- Build Tool: Maven 3.9
- Container: Eclipse Temurin 21 JRE Alpine
- Framework: React 18
- Build Tool: Vite 5
- UI Library: Custom CSS (responsive design)
- HTTP Client: Fetch API
- Routing: React Router DOM
- Web Server: Nginx 1.29 (Alpine)
- Orchestration: Kubernetes
- Container Runtime: Docker
- Ingress Controller: Traefik
- Tunnel: Cloudflare Tunnel (cloudflared)
- DNS & SSL: Cloudflare (Universal SSL)
- Registry: Docker Hub
- Storage: Kubernetes Persistent Volumes
- CI/CD: Docker multi-stage builds
- Version Control: Git / GitHub
- Secrets Management: Kubernetes Secrets
- Configuration: ConfigMaps, Environment Variables
1. Cloudflare Tunnel (Zero-Trust)
- No public IP exposure - cluster remains private
- Encrypted outbound-only connection
- Built-in DDoS protection and WAF
- Automatic SSL certificate management
2. Microservices Pattern
- Decoupled frontend and backend
- Independent scaling capabilities
- Service-mesh-ready architecture
3. Stateful Database with Persistent Storage
- PostgreSQL StatefulSet for stable network identity
- PersistentVolumeClaim ensures data durability
- Automated backup capability
4. JWT-Based Authentication
- Stateless authentication (no sessions)
- Scalable across multiple backend replicas
- Secure token validation with secret key
- JWT Tokens: Stateless authentication with 10-hour expiration
- BCrypt Hashing: Passwords hashed with BCrypt (strength: 10)
- Spring Security: Role-based access control (RBAC)
- CORS: Configured for production domain only
- Zero-Trust Architecture: Cloudflare Tunnel eliminates exposed ports
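- Secrets Management: Kubernetes Secrets (base64 encoded at rest; base64 is an encoding, not encryption, so access to Secret objects and to etcd must itself be restricted)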
- Network Policies: Internal cluster communication only
- SSL/TLS: Automatic certificate management via Cloudflare
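
The validation behaviour behind the JWT bullets above (10-hour expiry, signature check with a shared secret key so that any backend replica can verify a token), shown as an added example rather than this project's own code. It assumes JJWT 0.12.x (`jjwt-api`, `jjwt-impl`, `jjwt-jackson`) on the classpath; the class name `JwtDemo`, the keys and the username are constructed for illustration.

```java
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Optional;

public class JwtDemo {
    static final Duration TTL = Duration.ofHours(10); // expiration stated in the list above

    // Issue a signed token whose subject is the username.
    static String issue(SecretKey key, String username, Instant now) {
        return Jwts.builder()
                .subject(username)
                .issuedAt(Date.from(now))
                .expiration(Date.from(now.plus(TTL)))
                .signWith(key) // HMAC-SHA algorithm is selected from the key length
                .compact();
    }

    // Return the subject if signature and expiry check out, otherwise empty.
    static Optional<String> verify(SecretKey key, String token, Instant now) {
        try {
            return Optional.ofNullable(Jwts.parser()
                    .verifyWith(key)             // tokens not signed with this key are rejected
                    .clock(() -> Date.from(now)) // injected clock so expiry can be demonstrated
                    .build()
                    .parseSignedClaims(token)    // throws on bad signature, expiry, malformed input
                    .getPayload()
                    .getSubject());
        } catch (JwtException | IllegalArgumentException e) {
            return Optional.empty();             // fail closed on any validation error
        }
    }

    public static void main(String[] args) {
        // Constructed demo secrets, hard-coded only so the example is self-contained.
        SecretKey key = Keys.hmacShaKeyFor("constructed-demo-key-not-for-production-use".getBytes(StandardCharsets.UTF_8));
        SecretKey other = Keys.hmacShaKeyFor("a-different-constructed-key-for-the-demo!!".getBytes(StandardCharsets.UTF_8));
        Instant t0 = Instant.parse("2025-01-01T00:00:00Z");
        String token = issue(key, "alice", t0);
        System.out.println(verify(key, token, t0.plus(Duration.ofHours(9))));   // inside the 10-hour window
        System.out.println(verify(key, token, t0.plus(Duration.ofHours(11))));  // past expiry
        System.out.println(verify(other, token, t0.plus(Duration.ofHours(1)))); // replica holding a different key
    }
}
```

Because validation depends only on the key and the clock, every replica must be given the same secret, and a token stays valid until it expires unless the application adds its own revocation check.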
This project was a comprehensive learning journey in modern full-stack development and cloud-native technologies:
- Spring Boot Ecosystem: Deep dive into Spring Security, Spring Data JPA, and REST API design
- JWT Implementation: Stateless authentication with JJWT library
- Database Design: PostgreSQL schema design, JPA relationships, and HikariCP optimization
- Security Best Practices: BCrypt password hashing, CORS configuration, and HTTPS enforcement
- React Hooks: useState, useEffect, useContext for state management
- SPA Routing: Client-side routing with React Router
- API Integration: Asynchronous data fetching with error handling
- Responsive Design: Mobile-first CSS with modern layouts
- Containerization: Multi-stage Dockerfiles for optimized image sizes
- Kubernetes Orchestration:
  - Deployments, StatefulSets, Services, Ingress
  - ConfigMaps and Secrets management
  - Resource requests and limits
  - Health probes and auto-healing
- Cloudflare Tunnel: Zero-trust networking without public IP exposure
- High Availability: Load balancing across multiple replicas
- Persistent Storage: StatefulSets with PersistentVolumeClaims
- Docker Hub: Container registry management
- Declarative Infrastructure: Kubernetes manifests as code
- Version Control: Git workflows for infrastructure changes
- Service Discovery: Kubernetes DNS for inter-service communication
- Ingress Controllers: Traefik for path-based routing
- SSL/TLS Termination: Cloudflare managed certificates
- CORS: Cross-origin resource sharing configuration
Contributions, issues, and feature requests are welcome!
- Fork the project
- Create your feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
Gabriel Florea
- Website: tm.ggdevs.site
- GitHub: @floreaGabriel
- LinkedIn: Gabriel Florea
- Spring Boot Documentation
- React Official Docs
- Kubernetes Documentation
- Cloudflare Tunnel Guides
- Docker Best Practices